Federal Trade Commission

If you don’t know exactly what your marketing company is doing — particularly as it relates to data collection and use — you need to find out, and then make sure to update your privacy policy to disclose those practices.

The hashtag: #WanderingSole. The event: High-end shoe company Cole Haan challenges its Pinterest followers to post pictures of themselves wearing the shoe brand in unique and creative places. Innocent enough, right? Not so fast.

One of the biggest takeaways from the recent opinion in FTC v. Wyndham Worldwide Corp., et al was that in the absence of formal FTC rules on data security practices, companies should consider the settlements and advisory opinions from prior FTC enforcement actions for guidance.

While senior management and a business sponsor may retain primary responsibility for the development of organizational policies and procedures, this process cannot operate in a vacuum independent of the board.

These developments indicate that businesses should take FTC data security guidance and regulatory enforcement actions in consideration when developing, monitoring and updating privacy policies and data security practices.

Facebook said it was just doing what it’s supposed to do when it proposed changes to its privacy policy late last month, but the social media giant has again drawn attention to its policy—and again, the Federal Trade Commission (FTC) is getting involved.